krb5/krb5-mechglue_inqure_attrs.patch

From 26f94f6e8fd99ee0dfc2f71afb38c74a12482601 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Wed, 16 Dec 2015 19:31:22 -0500
Subject: [PATCH] Fix mechglue on gss_inquire_attrs_for_mech()

This includes proper mechanism selection in gss_inquire_attrs_for_mech()
itself as well as passing the correct mech down from gss_accept_sec_context()
through allow_mech_by_default().

Also-authored-by: Simo Sorce <simo@redhat.com>
---
 src/lib/gssapi/mechglue/g_accept_sec_context.c | 2 +-
 src/lib/gssapi/mechglue/g_mechattr.c           | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index 6c72d1f..4a86024 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -245,7 +245,7 @@ gss_cred_id_t *		d_cred;
 	    status = GSS_S_NO_CRED;
 	    goto error_out;
 	}
-    } else if (!allow_mech_by_default(selected_mech)) {
+    } else if (!allow_mech_by_default(gssint_get_public_oid(selected_mech))) {
 	status = GSS_S_NO_CRED;
 	goto error_out;
     }
diff --git a/src/lib/gssapi/mechglue/g_mechattr.c b/src/lib/gssapi/mechglue/g_mechattr.c
index e9299f4..4bd44b5 100644
--- a/src/lib/gssapi/mechglue/g_mechattr.c
+++ b/src/lib/gssapi/mechglue/g_mechattr.c
@@ -161,6 +161,7 @@ gss_inquire_attrs_for_mech(
 {
     OM_uint32       status, tmpMinor;
     gss_mechanism   mech;
+    gss_OID         selected_mech;
 
     if (minor == NULL)
         return GSS_S_CALL_INACCESSIBLE_WRITE;
@@ -173,7 +174,11 @@ gss_inquire_attrs_for_mech(
     if (known_mech_attrs != NULL)
         *known_mech_attrs = GSS_C_NO_OID_SET;
 
-    mech = gssint_get_mechanism((gss_OID)mech_oid);
+    status = gssint_select_mech_type(minor, mech_oid, &selected_mech);
+    if (status != GSS_S_COMPLETE)
+        return (status);
+
+    mech = gssint_get_mechanism(selected_mech);
     if (mech != NULL && mech->gss_inquire_attrs_for_mech != NULL) {
         status = mech->gss_inquire_attrs_for_mech(minor,
                                                   mech_oid,
-- 
2.6.4
Backport patch to fix mechglue for gss_inqure_attrs_for_mech() 2015-12-17 02:12:51 +00:00			`From 26f94f6e8fd99ee0dfc2f71afb38c74a12482601 Mon Sep 17 00:00:00 2001`
			`From: Robbie Harwood <rharwood@redhat.com>`
			`Date: Wed, 16 Dec 2015 19:31:22 -0500`
			`Subject: [PATCH] Fix mechglue on gss_inquire_attrs_for_mech()`

			`This includes proper mechanism selection in gss_inquire_attrs_for_mech()`
			`itself as well as passing the correct mech down from gss_accept_sec_context()`
			`through allow_mech_by_default().`

			`Also-authored-by: Simo Sorce <simo@redhat.com>`
			`---`
			`src/lib/gssapi/mechglue/g_accept_sec_context.c \| 2 +-`
			`src/lib/gssapi/mechglue/g_mechattr.c \| 7 ++++++-`
			`2 files changed, 7 insertions(+), 2 deletions(-)`

			`diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c`
			`index 6c72d1f..4a86024 100644`
			`--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c`
			`+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c`
			`@@ -245,7 +245,7 @@ gss_cred_id_t * d_cred;`
			`status = GSS_S_NO_CRED;`
			`goto error_out;`
			`}`
			`- } else if (!allow_mech_by_default(selected_mech)) {`
			`+ } else if (!allow_mech_by_default(gssint_get_public_oid(selected_mech))) {`
			`status = GSS_S_NO_CRED;`
			`goto error_out;`
			`}`
			`diff --git a/src/lib/gssapi/mechglue/g_mechattr.c b/src/lib/gssapi/mechglue/g_mechattr.c`
			`index e9299f4..4bd44b5 100644`
			`--- a/src/lib/gssapi/mechglue/g_mechattr.c`
			`+++ b/src/lib/gssapi/mechglue/g_mechattr.c`
			`@@ -161,6 +161,7 @@ gss_inquire_attrs_for_mech(`
			`{`
			`OM_uint32 status, tmpMinor;`
			`gss_mechanism mech;`
			`+ gss_OID selected_mech;`

			`if (minor == NULL)`
			`return GSS_S_CALL_INACCESSIBLE_WRITE;`
			`@@ -173,7 +174,11 @@ gss_inquire_attrs_for_mech(`
			`if (known_mech_attrs != NULL)`
			`*known_mech_attrs = GSS_C_NO_OID_SET;`

			`- mech = gssint_get_mechanism((gss_OID)mech_oid);`
			`+ status = gssint_select_mech_type(minor, mech_oid, &selected_mech);`
			`+ if (status != GSS_S_COMPLETE)`
			`+ return (status);`
			`+`
			`+ mech = gssint_get_mechanism(selected_mech);`
			`if (mech != NULL && mech->gss_inquire_attrs_for_mech != NULL) {`
			`status = mech->gss_inquire_attrs_for_mech(minor,`
			`mech_oid,`
			`--`
			`2.6.4`